[OE-core] [PATCH 2/2] bind: disable ecdsa if openssl doesn't support it
Richard Purdie
richard.purdie at linuxfoundation.org
Wed Jul 5 14:28:38 UTC 2017
On Wed, 2017-07-05 at 15:58 +0800, kai.kang at windriver.com wrote:
> From: Kai Kang <kai.kang at windriver.com>
>
> Distro feature 'openssl-no-weak-ciphers' is introduced to disable
> openssl weak ciphers support which include ecdsa. So configure bind
> without ecdsa if openssl doesn't support it.
>
> Signed-off-by: Kai Kang <kai.kang at windriver.com>
> ---
> meta/recipes-connectivity/bind/bind_9.10.3-P3.bb | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
> b/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
> index 7eb79b0..e10cffc 100644
> --- a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
> +++ b/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
> @@ -41,6 +41,7 @@ ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('
> DISTRO_FEATURES', 'ipv6', 'ye
> EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \
> --disable-devpoll --enable-epoll --with-gost=no \
> --with-gssapi=no --with-ecdsa=yes \
> + --with-ecdsa=${@bb.utils.contains('DISTRO_FEATURES'
> , 'openssl-no-weak-ciphers', 'no', 'yes', d)} \
> --sysconfdir=${sysconfdir}/bind \
> --with-openssl=${STAGING_LIBDIR}/.. \
> "
>
I think there are a few more questions that need answering about this,
like why ecdsa is considered weak but this patch leaves --with-
ecdsa=yes in there which is confusing at best.
I do think these are best controlled as individual PACKAGECONFIG
options rather than a distro setting which is ambigous (what is
'weak').
Cheers,
Richard
More information about the Openembedded-core
mailing list